tv The Stream Al Jazeera December 23, 2014 12:30pm-1:01pm EST
garden. one way people here are supporting the informal sector this christmas, i'm with al jazeera. a quick reminder too you with always keep up to date with all the latest news and analysis and details on our website, that is at al jazeera.com. hi, i am lisa fletcher, and you are in the stream. prediction that cyber attacks of far greater scale could be around the corner. will americans confidence in the economy be more closely tied to cyber plus, unlocking medical mysteries in cuba. and forget dropping a check in the mail, $5 billion just this year instantly transferred hands by a social media platforms. what it means for you and the banks.
my digital produceser here, when you are talking about a hack the size of sony, it makes you think if corporations like that can't protect themselves how do we protect ourselves at individuals. >> is anything safe, i remember this dooms day scenario being presented in movies. real genius, 80 movies even diehard four, this was a scenario but now this fiction is reality. it isn't just sony, it is retail giants and we asked our community about this, and disappeared news has an important note, he says i think there's an important and over looked at becket of these breeches, a criminal failure to protect data properly. and it seems that he is saying the responsibility
is on us, the consumer and private companies to play catch up. >> if all we are doing is playing catch up we will never get to where we need to be. >> yeah. >> within hours of reports that north korea was involved in the cyber attack on sony, the company canceled the release of the movie "the interview." this of course raising questions about the power of a threat, and the precedents but also what a hack of this magnitude implies. for consumer confidence, and the safety and security of american companies and banks is at stake in just the last year, ebay, jpmorgan chase, and many others have had between 50 million, and nearly 150 million records stolen. prompting some to hire armies of ethical hackers to find and fix cracks. but while patching the cracks can they get ahead of the brilliant minds
creating the breeches. s there any place, truly safe from hackerer joining us, considered one of the best in the business, when it comes to ethical hacking. he is the founder of a is h embedded device security company. an information security analyst, and c.e. of psychotic software, which provides i.t. security to companies worldwide. so glad you are with us, we know this is being considered one of the most destructive cyber attacks in america. do you expect this something of this scale required inside help. >> you know, i am sad to say that methods that they probably used to getting recess, and to escalate, and get access to personal data are pretty standard when we look at a cyber security assetsment or anything like that. you can probably a hire a uhm in beof firms that
are available for a reasonable price. so one thing we do have to consider is the speed at which this was accomplished, so an insider can help, especially if they are pointed to the right areas and the right data bases and the right servers to take the information from, and then there's on interesting piece, which we don't usually do, is the destructive pieces to this. so the folks that gains access to this network, at the end of the day, they wanted to destroy things, so there's thousands of workstations that are destroyed, and so that's something that's not normally exercises during a normal security assessment that we sue during this breech. >> the fbi says north korea is behind the attack, how would they figure that out, and does tracking the culprit when you have access to their networks in. >> good question. at tri-biases is one of
the most difficult things in cases like this, typically they won't directly attack your systems. they will come through one, two, perhaps multiple sources. so even just being able to figure out who it was, definitively, i don't know the specifics of how they have done that. there are ways and means to do it, it wouldn't moan they have access to their networks but some indications of where the location was. think of it like backtracking all the way back through the attack. >> i understand that a lot of the hacking that the government seems to think comes through north korea actually starts in china. >> that is certainly what the reports are saying. so it is very likely that north korea may not have the resources themselves to do this type of attack, but there are people are available to be able to actually hire them, and bring them in, and have them do the attack. >> so we are talking about the sony hack. the united states should first find out the exact reasons for the attacks and why sony was targeted, and lisa as a right people are now
alleging because of the movie "the interview." we are still waiting to find out, and check out my screen here, what makes i.t. breeches successful. 100% of organizations surveyed had a significant attack in the last two years, 87% of organizations felt impacted by privileged misuse, attackers use privilege, and 67% of tax, and three main way gain access. compromised a privilege user's workstation, two, stoled a users credentials, and that's what this saying happened in the sony hack, and three through a pass a hash the attack. and lisa you found this website, the world's biggest data breeches selected losses greaten than 30,000, this is 145 million on ebay. adobe, 152, look at these names, chase, target, this is terrifying, business hacks. so we are talking about
hacks we have had you on the show before. they can really threatened lives, good hackers and bad hackers, they are called this white hat and the black hat hackers how can they be used by the government and private companies to make sure something like this never happens again i think basically admit to ourselves that rewitness good at cyber security, and there's a lot of reasons but i think a lot stem from how executives approach this program. and honestly, a lot of them are not considered meres to the other executives they work with, so i don't know if an event like sony will raise the importance of information security within an organization.
hopefully raise the importance of someone like a chief information security officer but if you don't have buy in from the top, you won't be able to execute any. i am sure if we talk to the folks doing security i am sure they have identified this before. as far as hiring people that understand how to do this, it is important that folks to that, you have to understand how an attacker is going to gain access to your note work. you have to understand how they are going to escalate and gain privilege access to sensitive meises of information, if you don't know how that works how can you defend against it. that's where i think a lot of, cans can benefit from hiring someone on the flip side of defense, a lot of people are wondering what the
retaliation will be but you have to believe something in terms of releasing a cyber arsenal is being released. what do you anticipate the cyber response to be if any. >> when are you going to go after a foreign entity, only the u.s. government has the authority to do that. and so they have options that are not available to anyone else, so when we say hey, we need the government to come in and help us here, i don't think any corporation in the world wants the u.s. government to help them configure fire walls, what they need to do is do information sharing and threat intelligence sharing, and more importantly, the options that are only available to the u.s. government like response, for example, responding in kind and and so it will be interesting to see what they do here, so i think everyone is watching closely as to what the response will be
jonathon, last question, and we have to wrap it up, do you expect private companies to do their own gathering to prevent these sorts of attacks as best they can. >> certainly. i think folks are already doing a lot of that billy brings up an interesting information, is this concept of active defense. and so with active defense, there's this idea you are being attacked is it okay to attack back. and generally have to have the appropriate legal things in place, and like bidly said unique. and they may know where the folks are, but are they able to go back and recalluate against those people and the general viewpoint is that it is interesting and fascinating to look at these things but no one can really do it, but there are smaller steps that can be taken you can almost apply a lot of
this stuff to physical security. and so there's a lot of mechanisms that people can use, just to frustrate and annoy the attacker somewhere else. >> yeah, an easier target. >> thank you so much for being here, billy we will see you a little later in the show. as much as cuba is viewed as a time capsule, isolated from the free world, it is also a treasure chest, much of the global medical community is eager to unlock. coming up next, how improved relations could lead to accessing treatments the island nation is perfecting for lung cancer and other diseases.
in one area, this is expected to impact healthcare. cuba has unlocked a number of health invasions and lifting travel restrictions could mean add recess to the global community. request cuba, and not reasonable ago, he led a trip to cuba with a help of government and public health leaders to learn ways to improve medical care. and with us from california, michelle berry, senior dean from global health, thank you for being here, so doctor, given what the world sees of cuba it is surprising to find out they are a global leader in some areas that has peeked the interest of the outside community. >> i think you need to remember that cube wayhas been isolated for a long time, and one of the silver linings is they
have forced to be self-contained, elf invitive and independent from everybody else. so they have a lot of money into a bio tech industry to make up for the drugs and medical devices that can't buy from citizen owns or bartley owns companies and of course, recently, the united states companies pharmaceutical companies medical device companies have bought up many around the world, so sources cuba used to have, suddenly disappears once there was u.s. ownership to any degree. so they have made their own investment, so that now they have 52 research institutes, and 58 different facilities that manufacture medical devices, and drugs. they have begun to discover some things that may be helpful.
what are some of those things? i heard they have a vaccine they have been very active in terms of vaccines for infectious disease, they have some of the first vaccines. november also developed a drug they call ever prop. it is a strange name, but it is a derivative of growth factor that is injected into the margins of diabetic itsers. and they have been managing at least in the cuban context, to provide release from that disease for about 80% of the patients. that's significantly better than we have been able to do here.
and it looks like it lasts pretty long. we talked to our community. >> sad joke in cuba is you can get a doctor, but you can't get an aspirin. as spring. who couldn't afford healthcare, and cried when it was free in cuba, cuba equals health tourism. the biggest benefit would be help in cuba, and stream and also training, and a lot of people are saying doctors are helping with ebola outbreaks. and a cuban american says well, the embargo doesn't apply to medical supplies but perhaps doctors.
oh countries continents to help with the ebola outbreak, how can we in the united states actually benefit from cuban doctors? what is unique about cuban doctors is they have a completely different approach. only a small percentage actually specialize. they have this unique way of going into neighborhoods where the doctor nurse, team the doctors are assigned a couple of stir blocks about 1,000 people, and they have a responsibility for making house calls. or home visiting. so it is very -- there's
a sense of community engangment, which we don't have in the states. and what is amazing about this, is that spending less than 10% for person. they spend really very small amount per person, they have better infant mortality statistics. and they live just as long as we do. >> michelle, how do we know if that really translates. because you are talking about a population of about 12 million people, which is maybe a third larger than the city of new york, you are talking about a communist regime, you are talking about ultimate control, if you say kids will get vaccinated by god they will get vaccinated. they only pay their doctors about 50-dollar as month, while it works for cuba, what gives you any sense that that could be scaled up to the size of a country like the u.s.. >> i think the scale up and what the u.s. should have die lock about, is relatively this concept of preventive healthcare
in the u.s. we wind up treating diseases as they occur. i think what is different about the cuban seasonals is this judge reach to community, where they prevent the disease before it occurs. i think that's an interesting approach. i also think in the united states our public health schools are separated from our medical schools this is all integrated in the cuban system. >> this debate is on our facebook wall, check this out i don't see how dropping the embargo will do anything to our doctor patient ratio, however, sophia says cuba's patient care is better than other countries they also have a longer life expectsy, and john says this topic sounds interesting, i am not sure how policy would be impacted but i am willing to learn.
>> doctor, final thoughts, obviously these won't be incredibly tangible, but this is more about access to learn, and maybe access to entire systems? as michelle was talking about in terms of the way they approach preventive healthcare? >> well, i think there's a great deal to learn from cuba, and yes, there may be some advantages to looking at veg medicines and cooperating in their development and so on. but the real change is having healthcare workers in the neighborhoods responsible for health that is a major difference, and you should know there are a number of communities that are doing their best to look at cuba, and see what principles of the system may be applicable here in our very different system. all right, i want to thank both of our guests. thank you so much for being with us, still ahead, google became a verien for finding information, now you may be ask someoning to venm
welcome back. $5 billion was transferred by a mobile payment this year alone in the united states. and that number is expected to triple in the next few years. here to talk about the broader impact is david wellver, the founding editor of money under 30, that's a personal finance blog for young professionals. a good guy hacker. so david, mobile payment systems aren't new. but they are certainly gain in popularity how do these work? >> well, basically, they store your financial information, so let's say your credit card number, or your debit card, in your phone. and then after the point
of sale, if you are at a store, you can simply tap your phone, or swipe the bar code, and put it in a pin in the phone and that sends your information to the merchant, and the other way they are popular is to send money to friends let's say you go out to dinner and someone picks up the whole tab, be uh you owe $25 for your share, instead of going to an a.t.m., you can say with your mobile phone, i want to pay my friend sally, $25 it transfers that money to her account. >> what is happening now that companies like apple and twitter and facebook and others are wanting too get in on the game. >> that interaction that takes place, you multiply that by tens of million as day, that adds up to billions of dollars in a year. the other thing i think that is attractive to
retailers especially, is the ability to couple your payment information with let's say a coupon. and star bucks is a great example, they have a payment app that has been going on for several years and with someone who loads their phone, with a starbuck's balance and pays for their coffee, they can get offs on their phone saying hey, you haven't bought a coffee in a while, or here is half off, come back to the store. and that is huge. for retailers. >> . >> so billy, i am thinking if sony gets hacked my little app will get hacked how safe are these? >> i think we have a long ways to two, so anyone that gets access to your phone, can initiate or receive a payment on your behalf. i don't think i have seen an app where it requires a pin or another step of any kind of security when you are about to send a payment. another thing to consider is banks are pretty good at fraud detection, information, when we see a credit card breech occur, many times it is
the bank that detected it not a technical investigator, and they detect that through fraud algorithms they have in place, and they can say look, it looks like this specific organization got compromised. i don't know how many from fraud sophistication that is sophisticated as that. we probably have a long way to go. >> do you use them. >> i don't have any on my phone, i don't have any mobile banking apps. i use online banking uh be i don't have even app. >> i guess we should take a cue from the ultimate good guy. >> this is -- who needs wallets now, check out my screen, this is venmo, make and send payments would you do it. >> i don't know -- not in light of what billy is saying i wouldn't. >> there's also google, tap and pay with your phone. spend anywhere with a google wallet, there's apple peay, your wallet without the wallet an easier way to pay.
i would never in a million years use my possibly to purchase anything. and joseph says my greater fear is scam. not at all, i am not worried if something happens the companies we are trust having to make things right. now, billy speaking of hacking you are my go to hacker here. apple says they have a three step identify case process. they are saying that apple pay is safer i think they use a code, a cryptogram, so after all that you have heard, should we trust apple pay? and their three step verification, should i ditch my wallet. >> i think apple has done a pretty good job, as far as other -- hey, the organization that's going
to process my payment has to make me whole. that's not the case in every payment system that we have so people have become accustom to that, credit carts i think the limit right now is $50 if there's a fraud to ocurbed and you will get that money back, or you went have to pay them, that doesn't apply to every payment system. the company that is processing that may not have to refund that so you, we don't have the same protections as when it comes to credit card apps. >> thanks again to the rest of the guests, until next time, we will see you online.